To whom it may concern,
$ cat /etc/hosts | grep machines | wc -l
This is the number of IoT devices, from leak alarms, vacuums, lamps and washing machines to RainMachine, in our Home WiFi. From a security perspective there is no reason to expect that any one of these devices is secure or remains so over an [extended] period of time. In order to minimize damage and mitigate any lateral movement when one of the devices eventually gets hacked, I am enforcing strict client separation on the air interface and in the wireline network. One result of this is that one device on the WiFi cannot access another, which completely breaks your setup process using the iPhone App (e.g. it works to the point where I enter the WiFi password, after which seemingly both RM and phone connect to Home Wifi and your app tries to locate RM).
I realize today this is not your typical home WiFi setup. But I guarantee that this is the direction everything will eventually move in. This is also part of the reason why most sane devices/companies support setting up their devices in a way that does NOT require access to the device within the LAN, but instead, during initial setup, the device (such as RainMachine) is configured with enough details to access wifi and your remote server (e.g. in iPhone app setup rainmaster to connect to wifi, save some random ID, connect to wifi, access myrainmachine.com, connect randomID to newly created account, and complete the config via myrainmachine.com).
Now - it's great (and part of the reason I went with RM) that you promise operation / setup without network access. Keep that as a backup, but please, please, please with sugar on top, allow configuring the device or remote access without the need for a mobile app to communicate with RainMachine in the Home LAN.
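The claim-ID pairing flow sketched in the post, as an added example that is not part of the original post and is not RainMachine's code: the app hands the device a random ID during setup, then links that ID to the account, and the device redeems it over its own outbound connection, so no LAN traffic between phone and device is needed. `CloudRegistry`, `make_setup_payload`, the 600-second lifetime and the serial numbers are all hypothetical.

```python
import hashlib
import secrets
import time

CLAIM_TTL = 600  # assumed: seconds a registered claim stays redeemable


def _digest(claim_id):
    # The server keeps only a hash, so a leaked table exposes no usable claim IDs.
    return hashlib.sha256(claim_id.encode()).hexdigest()


def make_setup_payload(ssid, psk):
    """App side, while the phone is joined to the device's setup access point."""
    return {"ssid": ssid, "psk": psk, "claim_id": secrets.token_urlsafe(32)}


class CloudRegistry:
    """Hypothetical vendor service that binds a device to an account."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # sha256(claim_id) -> (account, expiry)
        self.bound = {}    # device serial -> account

    def register_claim(self, account, claim_id):
        # Called by the logged-in app once the phone is back online.
        self.pending[_digest(claim_id)] = (account, self.clock() + CLAIM_TTL)

    def device_checkin(self, serial, claim_id):
        # Called by the device over its own outbound connection.
        entry = self.pending.pop(_digest(claim_id), None)  # single use
        if entry is None:
            return None  # unknown, already used, or not registered yet: retry later
        account, expiry = entry
        if self.clock() > expiry:
            return None  # expired claims are dropped, never bound
        self.bound[serial] = account
        return account
```

A device that checks in before the app has registered the claim simply gets `None` and retries, so the order of the two steps does not matter.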